Saturday, September 29, 2012

A dangerous intervention ...

A few years ago, I warned about the dangers of Government intervention and creation of certified cloud providers. After reading the EC communication on Cloud Computing, my concerns are that we will start on this path.

First, some background :-

Cloud computing represents the evolution of a range of IT related activities from a product and product service model to one of commodity and utility provision. As such it has impact in terms of efficiency, rapid generation of higher order systems and new sources of value creation. In much the same way utility provision of electricity spurred on new activities such as radio, telephone, computing and new industries around this.

However, it's not just activities (what we do) that evolve but practices (how we do things). Hence architectural practices related to computing are co-evolving with the activity of computer infrastructure and we see the rise of what is known as "DevOps". This is all normal fare and these cycles of change repeat throughout history.

Each time we undergo such a change both consumers and vendors can have inertia to it. 

In the case of business consumers, some of this inertia is due to the changing architectural practice and the issue that legacy applications are not designed for the cloud. Hence there is often a desire on their part to have the new model operate like the old i.e. to have clouds which actually have the characteristics of more old fashioned data centres, a concept commonly dubbed as the "Enterprise Cloud". This inertia can be exploited to extend old business models.

In the case of vendors, much of their inertia is due to past success i.e. they become habituated to selling customers products and product rental models and are encumbered by their existing business. Which is why this period of change is often initiated by new unencumbered entrants (in the case of computing infrastructure this would be Amazon). The past giants often attempt to continue or extend their business models, believing the change is just a fad. History is not on their side and the result is disruption of the past models.

Today, we have all these issues with cloud - the new entrants providing utility services for computing, vendors and customers often suffering inertia and the attempt to extend past models.

EC communication on Cloud Computing

The EC communication recognises many of these changes and talks of the industrialization of IT. It notes the importance in forming competitive markets of utility providers with easy switching in order to avoid lock-in and other concerns consumers have. This is all reasonable.

The EC communication highlights its intention to help standards form in the industry in order to achieve these goals of competitive markets and choice for consumers. This is also reasonable if the approach is one of adoption of defacto standards (i.e. market chosen) and ensuring their provision both as open standards (i.e. royalty free) and through reference implementations in order to ensure semantic interoperability. These reference models (i.e. an expression of the standard as code) would need to be open sourced in order to ensure a competitive market which is free from constraints or control of specific vendors.

Already, in the infrastructure space, such candidate reference implementations exist with 850+ companies now involved in the Open Stack effort, an entirely open sourced IaaS which is at the heart of an industry movement towards creating competitive, service based markets. It's one of many such potential reference implementations - others including CloudStack, Eucalyptus and Open Nebula. In light of these developments, an EC approach of supporting any defacto provided as open standards with open source reference implementations should suffice in encouraging competitive markets.

Another part of communication discusses the need for voluntary certification and the EC's intention to enable this. If a competitive market of multiple providers forms then as with other utility industries such an assurance / compliance industry should be expected to form. The objection with the communication is that given the development of the market there is no need for intervention of the EC with certification. The danger is the EC risks "blessing" the certification programs it involves itself with.

Such an act can have negative consequences because certification is fundamentally about approval of certain characteristics however the market has not yet come to terms with what characteristics are essential and many business consumers in the market are suffering inertia to change. In these circumstances, certification could be manipulated to "bless" past business models i.e. to create a preference for "Enterprise Clouds" and thereby play upon the inertia that some companies have.  For example, a focus on SLAs can be used to strengthen the case for "Enterprise Clouds" over "Commodity Clouds" despite the latter being the more evolved state that industry will head towards.

The effect of this can be detrimental to industry, as companies adopt services that they wish to believe represent the future and are "blessed" by the EC through supported certifications but then discover the services represent a continuation of old models which take advantage of their inertia to change i.e. the quick fix to adopting cloud is simply to rebadge your existing enterprise hosting service as "Cloud".

A counter argument to this, is that though there is a risk, the trade off to this is encouraging adoption however it assumes that the EC is more capable of deciding what certification is required than the market. Given a situation where there is already significant market efforts to make interoperable systems and competitive markets (such as Open Stack and its 850+ member companies) then this seems premature.

I would agree with the EC effort to support standards, where those standards are designed to encourage a free (as in from constraints) and competitive market and hence based upon defacto (i.e. market chosen), open standard and open source reference models.

I would not agree with the EC effort to support certification programs as these would naturally form in a competitive market and the EC runs the risk of interfering with the process before the market has chosen and the EC cannot be sure that such interference will be beneficial and not manipulated.